1. To enable single sign-on to BambooHR on the service, you must configure the application in the catalog and copy the SAML-signing certificate to BambooHR.
   • Add BambooHR to the Catalog
     1. Log in to the Workspace ONE Access administration console.
     2. In the Catalog page, select NEW
     3. In the New SaaS Application wizard under Search type BambooHR.
     4. Select the BambooHR icon.
     5. Select NEXT

2. In the Configuration section of the New Saas Application Wizard

• Under Single Sign-ON URL append the first letter of your city and country two letter abbreviation  + student RDP IP last Octet  Number eg.
  • If you live in Rotterdam Netherlands and your IP address end with 35, then you could come up with a Unique domain. It has to be unique. This is one approach we could follow.
    • https://rnl35.bamboohr.com/saml/consume.php
  • Under Recipient URL append your domain name ie Utrecht35 to the FQDN
    • https://rnl35.bamboohr.com
• Please remember to document this in your custom accounts in the Horizon Datasheet provided

3. In the  Application Parameters area
   • Under Value, type in your Singular domain name
     • Note! If your FQDN is going to be rnl35.bamboohr.com then under Value type rnl35
     • Select Next
   • On the Access Policies page
     • Select NEXT
   • On the Summary page
     • Select SAVE & ASSIGN
   • Under Users / User Groups
     • Type and select Marketing
   • Under Deployment Type,
     • Select Automatic
     • Ensure Include is selected under Entitlement Type (Default)
   • Select SAVE

4. Download SAML-Signing Certificate
   • We need to download the SAML-signing certificate from the Workspace ONE Access service for the BambooHR configuration.
     • In the Catalog > Settings tab, click SAML Metadata.
     • Under Signing Certificate text select DOWNLOAD.
     • Open a .txt  editor and copy Make sure that you include text from -----BEGIN CERTIFICATE---- through ---------END CERTIFICATE-----.

1. We start off by registering a trial account with BambooHR, next we will federate BambooHR with Workspace ONE Access
   • Open up a browser use the following URL https://www.bamboohr.com/signup.php
     • As part of Step 1
     • Add your
       • First Name: "Your" First Name
       • Last Name: "Your" Last Name
       • Work EMAIL: Add an email
       • Work Phone: Add a phone number
     • Select Just One More!

2. As part of Step 2 complete your registration information Next to
   • Company Name: Livefire
   • Number employees : select a number
   • Country : your choice. e.g. Netherlands

• Select Just One More!

3. As part of Step 3 complete your registration information
   • Under Livefire.Bamboohr.com
     • Select Edit
   • Under BAMBOOHR DOMAIN, enter
     • your custom domain
   • Under PASSWORD
     • Enter VMware1!
   • Select Generate Your Account

• Again, make 100% sure you have documented the  new admin UrL, username, password and email address used to register this account

4. In the BambooHR page
   • Select Open Your Account
   • Enter your with your email address and password
   • Select Log In
   • On the Welcome page select Cancel

5. Configuring the Single-Sign ON settings in BambooHR
   • On the Home Page look to the right and select the Cog wheel Icons for Settings

6. Under Settings
   • Select Apps
   • In the Apps Settings page scroll down until you see the red SAML icon
   • Select the Install option next it.

7. In the SAML Single Sign-On Settings window enter the following:-
   • Under SSO Login URL* : enter your Workspace ONE Access URL in the following format https://myco.vmwareidentity.com/SAAS/auth/federation/sso
     • e.g. https://aw-euclivefirefran.vidmpreview.com/SAAS/auth/federation/sso
   • x509 Certificate: copy the entire content of your signing certificate downloaded in Part 1
     • Include text from -----BEGIN CERTIFICATE---- through ---------END CERTIFICATE-----.
     • Select Install

8. Setting an Identical custom test User account
   • Select the People tab.
     • Select New Employee.
   • In the Heads Up! page
     • Select Add Anyway

9. In the Add Employee window add the identical information to what you added at the beginning of the course from your active directory,
   • NB! Matching email address information identical to your Active Directory
     • If necessary double-check your info in Active directory
     • Allow Access to BambooHR is selected
       • Select Employees UK or an alternative
   • Select Save

10. Testing with your custom user account
    • In Chrome, open up another browser and use the Incognito mode option or open an alternate browser like Mozilla Firefox
    • Type your domainname.bamboohr.com e.g. rnl35.bamboohr.com
    • On the Select your domain, ensure euc-livefire.com is selected and select Next
    • On the Workspace ONE Access login type your custom account username and Password and select Sign in
    • On the Surprise page , select Okay, got it
    • Close down the default access prompts and observe that your custom now has access to BambooHR with password based authentication from a Web Browser

In later exercises will use the Native application to provide a single-sign on experience and understand the specifics related to authentication that might be required to fulfill from a platform but also the application perspective

About the Author

About the Author Reinhart Nel

https://www.livefire.solutions/meet-the-team/reinhartnel/

For any questions please email Reinhart at [email protected]